XSS injection vulnerability
1. Reflective XSS injection
Cause of the vulnerability: user-submitted content is not reliably validated (no filtering of sensitive strings) before it is echoed back into the page.
Next, write a web page with a reflected xss vulnerability.
a. Write a web page with an xss vulnerability in PHP
Code in xss.php:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>xss</title>
    <script>
        // Plants a cookie so that a successful injection has something to read
        function setCookie(name, value) {
            var Days = 30;
            var exp = new Date();
            exp.setTime(exp.getTime() + Days * 24 * 60 * 60 * 1000);
            document.cookie = name + "=" + escape(value) + ";expires=" + exp.toGMTString();
        }
        setCookie("xssCookie", "xssValue");
    </script>
</head>
<body>
    <h1>Reflective xss</h1>
    <form action="/xss.php" method="get">
        <input type="text" name="xss1">
        <input type="submit" value="test">
    </form>
</body>
</html>
<?php
error_reporting(0);
$xss = $_GET['xss1'];
if ($xss !== null) {
    echo $xss; // reflected without any encoding: this is the vulnerability
}
?>
Code in index.php:

<?php
$xss = $_GET['xss'];
if ($xss !== null) {
    echo $xss; // reflected without any encoding
} else {
    echo "failed";
}
?>
Running result:
We test whether an xss vulnerability is present:
Input:
If the vulnerability exists, the result is as shown in the figure:
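For contrast, here is a hardened version of the same page. This is an added example, not the page's original xss.php: it keeps the form and the xss1 parameter from the page, but encodes the value with htmlspecialchars() before echoing it, and sets the demo cookie server-side with HttpOnly so a script in the page cannot read it through document.cookie. The helper name render_text and the cookie options are assumptions; the options array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example (not the page's original xss.php): the same reflected form,
// with the echoed parameter HTML-encoded before it reaches the page.
// Filename and parameter name (xss1) follow the page; everything else is assumed.

// The cookie is set server-side with HttpOnly, so a script running in the
// page cannot read it via document.cookie (contrast with the JavaScript
// setCookie() in the original page, which is readable from script).
setcookie('xssCookie', 'xssValue', [
    'expires'  => time() + 30 * 24 * 60 * 60,
    'path'     => '/',
    'httponly' => true,
    'samesite' => 'Lax',
]);

// Encode for an HTML text context: <, >, &, " and ' become entities, so the
// input is displayed as text and is never parsed as markup.
function render_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$xss = $_GET['xss1'] ?? null;
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>xss (fixed)</title>
</head>
<body>
    <h1>Reflective xss (fixed)</h1>
    <form action="/xss.php" method="get">
        <input type="text" name="xss1">
        <input type="submit" value="test">
    </form>
    <?php if ($xss !== null): ?>
        <p>You entered: <?= render_text($xss) ?></p>
    <?php endif; ?>
</body>
</html>
```

Submitting the same input as in the test above now shows it literally in the page instead of executing it. The encoding is chosen for an HTML text context; a value placed inside a JavaScript string, a URL or an attribute needs the encoding for that context instead.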
b. Reflective xss injection in DVWA (medium level)
Method 1: Case bypass:
Method 2: Double-write bypass
script>alert("xss");
Analysis:
Case bypass: Because the str_replace function is used in the code, this function is case-sensitive, but
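The point of the analysis above, as an added example that is not DVWA's own source: a blacklist filter modeled on the str_replace() approach described here is compared with output encoding. The function names, the pattern in the check and the sample inputs are constructed for this example.

```php
<?php
// Added example, not DVWA's own code: a blacklist filter modeled on the
// str_replace() approach the analysis above describes, beside the output
// encoding that actually fixes the bug. All sample inputs are constructed.

// Blacklist: removes the literal, lowercase "<script>" tag and nothing else.
// str_replace() is case-sensitive, so any other spelling of the tag passes.
function blacklist_filter(string $input): string
{
    return str_replace('<script>', '', $input);
}

// Output encoding for an HTML text context: the input can no longer open a
// tag, whatever its case or nesting, because every '<' becomes '&lt;'.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// A cheap server-side check for a code review or a test suite: after a
// filter runs, does its output still open a script tag in any letter case?
function still_has_script_tag(string $output): bool
{
    return preg_match('/<script\b/i', $output) === 1;
}

$samples = [
    'plain'         => 'hello',
    'lowercase tag' => '<script>alert("xss");</script>',
    'mixed case'    => '<ScRiPt>alert("xss");</ScRiPt>',
];

foreach ($samples as $label => $input) {
    $filtered = blacklist_filter($input);
    $encoded  = encode_for_html($input);
    printf(
        "%-14s blacklist leaves tag: %-3s  encoding leaves tag: %s\n",
        $label,
        still_has_script_tag($filtered) ? 'yes' : 'no',
        still_has_script_tag($encoded) ? 'yes' : 'no'
    );
}
```

Run it with php from the command line. The mixed-case sample passes the blacklist untouched, which is the case bypass named above, while the encoded output of every sample contains no tag at all. The same check applied after the filter also catches the double-write variant, since the check looks at what the filter produced rather than at what was submitted.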